Untriaged
CVE-2023-6004
3.9 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
- RHBZ#2251110 issue-tracking x_refsource_REDHAT
- https://www.libssh.org/security/advisories/CVE-2023-6004.txt
- https://access.redhat.com/security/cve/CVE-2023-6004 x_refsource_REDHAT vdb-entry
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.netapp.com/advisory/ntap-20240223-0004/
- RHSA-2024:2504 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3233 x_refsource_REDHAT vendor-advisory
Affected products
libssh
- ==0.10.6
- ==0.9.8
- *
Matching in nixpkgs
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
- nixos-unstable: -
- nixpkgs-unstable: 1.11.1
pkgs.haskellPackages.libssh
libssh bindings
- nixos-unstable: -
- nixpkgs-unstable: 0.1.0.0
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
- nixos-unstable: -
- nixpkgs-unstable: 1.2.2
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
- nixos-unstable: -
- nixpkgs-unstable: 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
- nixos-unstable: -
- nixpkgs-unstable: libssh2
Package maintainers
- @svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
- @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
- @geluk Johan Geluk <johan+nix@geluk.io>